Statement of GDPR Compliance

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a privacy and data protection regulation in the European Union (EU) enforceable from 25 May 2018.

The GDPR imposes new obligations on organisations that control or process relevant personal data and introduces new rights and protections for EU data subjects.

The GDPR applies to data processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU. Apreco Ltd can be considered a Data Controller as we are an employer and hold records about our employees. We are also a Data Processor in respect of personal information supplied to us by our customers and suppliers.

Apreco Ltd will endeavour to comply with the GDPR as a processor and controller of data and has been reviewing in-house operations to ensure we deliver what is required by the legislation. This will involve working with our customers, suppliers and third parties to ensure they can also meet these obligations.

As we work towards compliance, we are currently reviewing the following to ensure we deliver best practice:

  • Customer Data: consent, collation, use, storage and review.
  • Supplier Data: consent, collation, use, storage and review.
  • General Policy Review: we will review and develop our range of policies including Privacy Policy, Data Protection Policy, Data Breach Policy, Business Continuity Plan, Subject Access Requests.
  • Website Data Collection & Consent: Privacy Policy: we will update our privacy policy to incorporate the GDPR obligations including the Right to Suppress Processing & Access to Personal Data.
  • Data Impact Assessments: we are already undertaking a systematic review of the data we store, manage, maintain, collect, process and control. This includes offline storage and paper records. Assessments of the data will review information flow, any data transfers and risk in relation to Lawfulness, Purpose, Minimisation, Accuracy, Consent, Limitation, Integrity & Confidentiality, Record Keeping and Accountability.
  • Training & Awareness: we will provide training to all employees on the GDPR and its impact on the new policies, procedures and responsibilities of employees.
  • Supplier & Distributor relationships: where applicable, we will be using all reasonable endeavours to ensure that our third parties and suppliers are complying with the GDPR.
  • IT: we are currently reviewing our technology platforms to assess their operation, security and compliance in order to ensure that they meet the standards required.

Apreco Ltd is already committed to safeguarding information security and will continue to assess and monitor its procedures and processes to ensure GDPR compliance from May 2018.
